Test Redirect

Discussion in 'other anti-malware software' started by Sampei Nihira, Jan 19, 2014.

Thread Status:
Not open for further replies.
  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Open the website below:

    -http://turbobit.net/1nn90f9cdnk0.html-

    Javascript on
    Click "Regular Download".

    Firefox + Noscript:

    Noscript.JPG

    Firefox + Ghostery:

    Ghostery.JPG

    Chrome + HTTP Switchboard:

    Chrome.JPG

    Th Crazy.Cat admin Turbolab.it
    Sorry for my bad English.
     
  2. guest

    guest Guest

    Comodo Dragon + HTTPSB. All requests are blacklisted by default except CSS and IMG.

    Redirect.jpg

    Dunno if this is supposed to be a good or bad result lol.
     
  3. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    747
    Location:
    Canada
    I tried hxxp://turbobit.net/1nn90f9cdnk0.html and I am unable to get a redirection even after allowing "all". Something changed since then on this page? The fact that another tab was opened tells me it's more related to javascript launching a new tab than server-side redirection (which is the one users usually cannot easily spot).

    Regarding aad73c550c.se I checked, and it is not in any preset blocked hosts, so I will add it to the HTTPSB's maintained one. There was a lot of mitigation when your browser downloaded the image from aad73c550c.se: no scripts were executed, no cookies were sent, no referer info was sent.
     
  4. gorhill

    gorhill Developer

    Ah ok, got it, I missed that I had to click on the "Regular Download" button.

    So indeed this is javascript opening a pop-up window, not an HTTP redirect header.

    Now if you have the option "Do not allow any site to show pop-ups (recommended)" checked in Chromium, the new tab is not created.

    So really I don't see a big deal here:

    - Popups might be blocked as per user settings.
    - If not, the popup URL might be blacklisted (no request will reach it -- as seen in Sampei Nihira's screenshot).
    - If not, the popup hostname is quite probably graylisted (default out-of-the-box settings), i.e. javascript will not execute, cookies will be removed, referer will be blanked -- as seen in GrafZeppelin's screenshot.
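
    The distinction drawn in the post above (a script-opened pop-up versus an HTTP redirect header) can be checked from a captured response. The following is an added example, not part of the original thread or of HTTPSB; the function names and the example.test hostnames are assumptions, and the responses are constructed samples.

```python
import re

# Script constructs that open a window or change the page location.
JS_NAV = re.compile(r"window\.open\s*\(|\blocation(?:\.href)?\s*=(?!=)"
                    r"|\blocation\.(?:assign|replace)\s*\(")
META_REFRESH = re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I)
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
INLINE_HANDLER = re.compile(r"\bon\w+\s*=\s*(\"[^\"]*\"|'[^']*')", re.I)

def classify(raw: bytes) -> str:
    """Name the navigation mechanism used by one raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Server-side: visible in the response headers before any script runs.
    if 300 <= status < 400 and "location" in headers:
        return "http-redirect"
    if "refresh" in headers:
        return "refresh-header"
    text = body.decode("utf-8", "replace")
    if META_REFRESH.search(text):
        return "meta-refresh"
    # Client-side: only happens if the browser executes the page's script.
    code = SCRIPT_BLOCK.findall(text) + INLINE_HANDLER.findall(text)
    if any(JS_NAV.search(chunk) for chunk in code):
        return "script-navigation"
    return "none"

# Constructed sample responses (hosts under example.test are placeholders).
SAMPLES = {
    "redirect": b"HTTP/1.1 302 Found\r\nLocation: http://ads.example.test/\r\n\r\n",
    "popup": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<a href=\"#\" onclick=\"window.open('http://ads.example.test/')\">"
             b"Regular Download</a>",
    "meta": b"HTTP/1.1 200 OK\r\n\r\n"
            b"<meta http-equiv=\"refresh\" content=\"0;url=http://ads.example.test/\">",
    "plain": b"HTTP/1.1 200 OK\r\n\r\n<p>if (location == home) is only text here</p>",
}

def triage() -> dict:
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, kind in triage().items():
        print(f"{name:8} -> {kind}")
```

    A "script-navigation" result depends on the browser running the page's JavaScript, which is why script blocking and the pop-up setting affect it, while an "http-redirect" result is followed regardless of script settings.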
     
  5. guest

    guest Guest

    The native popup blocker in Chromium browsers barely blocks any popups. I still set it like that though, but I wouldn't rely on it.
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Go to the web page and take the test, then close your browser and repeat.

    Immagine.JPG
     
    Last edited: Jan 20, 2014
  7. gorhill

    gorhill Developer



    ?

    I did the test already, you quoted my findings.
     